Sample code for 30+ languages & platforms
SQL Server

PKCS11 Find Private Key by Label

See more PKCS11 Examples

Demonstrates how to find a private key based on a user-specified label.

Note: This example requires Chilkat v9.5.0.96 or later.

Chilkat SQL Server Downloads

SQL Server
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    -- Important: Do not use nvarchar(max).  See the warning about using nvarchar(max).
    DECLARE @sTmp0 nvarchar(4000)
    DECLARE @success int
    SELECT @success = 0

    -- This example requires the Chilkat API to have been previously unlocked.
    -- See Global Unlock Sample for sample code.

    -- Note: Chilkat's PKCS11 implementation runs on Windows, Linux, Mac OS X, and other supported operating systems.

    DECLARE @pkcs11 int
    EXEC @hr = sp_OACreate 'Chilkat.Pkcs11', @pkcs11 OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    -- Use the PKCS11 driver (.dll, .so, .dylib) for your particular HSM.
    -- For example:
    EXEC sp_OASetProperty @pkcs11, 'SharedLibPath', 'C:/Program Files (x86)/Gemalto/IDGo 800 PKCS#11/IDPrimePKCS11.dll'

    -- Use your HSM's PIN.
    DECLARE @pin nvarchar(4000)
    SELECT @pin = '0000'

    -- Normal user = 1
    DECLARE @userType int
    SELECT @userType = 1

    -- Establish a logged-on user session with the HSM.
    EXEC sp_OAMethod @pkcs11, 'QuickSession', @success OUT, @userType, @pin
    IF @success = 0
      BEGIN
        EXEC sp_OAGetProperty @pkcs11, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @pkcs11
        RETURN
      END

    -- Provide a template to find a PKCS11 object.
    DECLARE @jsonTemplate int
    EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @jsonTemplate OUT

    -- Find an RSA private key with the label "MySshKey".
    -- Here's an example of how the key was originally imported: 
    -- PKCS11 Import SSH Key
    EXEC sp_OAMethod @jsonTemplate, 'UpdateString', @success OUT, 'class', 'private_key'
    EXEC sp_OAMethod @jsonTemplate, 'UpdateString', @success OUT, 'key_type', 'rsa'
    EXEC sp_OAMethod @jsonTemplate, 'UpdateString', @success OUT, 'label', 'MySshKey'

    DECLARE @privKeyHandle int
    EXEC sp_OAMethod @pkcs11, 'FindObject', @privKeyHandle OUT, @jsonTemplate
    IF @privKeyHandle = 0
      BEGIN
        EXEC sp_OAGetProperty @pkcs11, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @pkcs11
        EXEC @hr = sp_OADestroy @jsonTemplate
        RETURN
      END

    -- The private key handle is only valid during the PKCS11 session.
    -- If you wish to use the private key in another PKCS11 session,
    -- you'll first need to find it.  See:  

    PRINT 'private key handle: ' + @privKeyHandle

    -- Do whatever you wish with the private key handle...
    -- ...
    -- ...

    EXEC sp_OAMethod @pkcs11, 'Logout', @success OUT
    EXEC sp_OAMethod @pkcs11, 'CloseSession', @success OUT

    EXEC @hr = sp_OADestroy @pkcs11
    EXEC @hr = sp_OADestroy @jsonTemplate


END
GO